How definite are the SYN flood warnings?

Felix von Leitner (leitner@math.fu-berlin.de)
Tue, 16 Dec 1997 08:11:27 +0100


I received several warnings in the log file of our production server,
all in the form

/var/log/messages:Dec 3 04:01:18 yabba kernel: Warning: possible SYN flood from a.b.c.d on ip.of.my.box:113. Sending cookies.

Now, this looks to me like some bozo tried to synflood me. Probably had
a look at my server and found almost no TCP services running, thought it
could be an NT box and wouldn't it be fun to nuke me.

But, I could be wrong. Are these messages safe enough that I can go to
the admins and ask them if they know of any offender at their site?

Yes, I know that the IP numbers can be faked. That would not stop me
from contacting the admins of the possibly spoofed IP numbers, though.

I had a few port scans, too. Since my machine runs almost nothing, I
consider it pretty on the safe side now.
For an internet server, that is.

BTW: I installed a small program that logs connecting IP numbers and
have it run by inetd on a few well-known ports so people find something
if they port-scan me. Does anyone see any problem with that (except
that it could overflow my disk space with log messages)?

Felix
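As an added example that is not part of the post: a defender-side script that parses kernel warnings in the format quoted above from constructed syslog lines and groups them by source, target and port, giving a count and time span per source before anyone is contacted. The addresses and the `grep`-style `/var/log/messages:` prefix handling are assumptions; the post's own caveat that the source address may be spoofed still applies to whatever this reports.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in the format of the kernel warning quoted in the post.
# Addresses come from the documentation and private ranges and are placeholders.
SAMPLE_LOG = """\
/var/log/messages:Dec  3 04:01:18 yabba kernel: Warning: possible SYN flood from 192.0.2.7 on 10.1.1.5:113. Sending cookies.
Dec  3 04:01:19 yabba kernel: Warning: possible SYN flood from 192.0.2.7 on 10.1.1.5:113. Sending cookies.
Dec  3 04:01:25 yabba kernel: Warning: possible SYN flood from 192.0.2.7 on 10.1.1.5:113. Sending cookies.
Dec  3 04:02:00 yabba inetd[123]: connect from 198.51.100.9
Dec  4 22:15:02 yabba kernel: Warning: possible SYN flood from 203.0.113.4 on 10.1.1.5:25. Sending cookies.
"""

# Optional "/path/to/file:" prefix (as left by grep), syslog timestamp, host, then the kernel message.
SYN_FLOOD_RE = re.compile(
    r"^(?:/\S*?:)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"Warning: possible SYN flood from (?P<src>[\d.]+) on (?P<dst>[\d.]+):(?P<port>\d+)\. "
    r"Sending cookies\.$"
)


def parse_syn_flood_warnings(log_text, year=1997):
    """Yield (timestamp, src, dst, port) for each kernel SYN flood warning in log_text.

    Syslog timestamps carry no year, so the caller supplies one (assumed 1997 here).
    """
    for line in log_text.splitlines():
        m = SYN_FLOOD_RE.match(line)
        if not m:
            continue  # not a SYN flood warning (e.g. an inetd line)
        ts_text = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["port"])


def summarize(log_text, year=1997):
    """Group warnings by (src, dst, port) and report how many and over what span."""
    groups = defaultdict(list)
    for ts, src, dst, port in parse_syn_flood_warnings(log_text, year):
        groups[(src, dst, port)].append(ts)
    return {
        key: {"count": len(times),
              "span_seconds": int((max(times) - min(times)).total_seconds())}
        for key, times in groups.items()
    }


if __name__ == "__main__":
    for (src, dst, port), info in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port}: {info['count']} warnings over {info['span_seconds']}s")
```

A single warning from a source that never recurs is weaker evidence than a burst of them seconds apart, which is the distinction the grouping makes visible.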